More Oversight Needed on Health IT, Says IOM

A new report from the Institute of Medicine (IOM) calls for the US Department of Health and Human Services (HHS) to publish a plan within 12 months to minimize patient safety risks associated with health information technology (IT) and report annually on the progress being made.

IOM's report examines a broad range of health IT, including electronic health records, secure patient portals, and health information exchanges, but not software for medical devices. However, if HHS' secretary determines that progress toward improving safety is insufficient within a year, the US Food and Drug Administration (FDA) should exercise its authority to regulate these technologies. Concurrently, FDA should begin planning the framework needed for potential regulation so that the agency is ready to act if necessary, the report says.

HHS should establish a mechanism for both technology vendors and users to report health IT-related deaths, injuries, or unsafe conditions. Reporting events related to patient safety should be mandatory for vendors and voluntary, confidential, and nonpunitive for health care providers. In addition, IOM says Congress should establish an independent federal entity to investigate patient deaths, injuries, or potential unsafe conditions associated with health IT.

The report also recommends that HHS fund a new Health IT Safety Council to evaluate criteria and develop methods for assessing and monitoring safety and measuring the impacts of health IT on safety. In addition, HHS should establish quality management principles and risk management processes in designing and implementing health IT products. The report adds that alerts in technology systems should be designed to have lower false-alarm rates, and computer interfaces need to be more intuitive for users.